Securify!

January 05, 2016

Brakeman, sql injection, xss, the real basic topics. Mostly just to set groundwork and cover the "start here" stuff.

Presented by Gavin Miller

Talk 2: Exploiting binaries with Python for fun, but no profit

Successfully breaching a remote system using memory corruption is one of the most satisfying feelings in computer science. Of course, finding such vulnerabilities and writing a successful exploit in commercial software is no easy feat, not to mention the possible legal concerns. However, for budding reverse engineers and security researchers, capture-the-flag competitions provide a gateway to learning how to successfully find vulnerabilities and write exploits. The competitions provide vulnerable applications which contestants must find and exploit during the competition.

This talk will demystify how binary exploitation challenges within capture-the-flag competitions often work. A challenge from a recent competition will be solved live. The solution will demonstrate the use of reverse engineering tools, a debugger, and Python to find the vulnerability, come up with an exploitation plan, and finally create a working exploit. Attendees are not expected to have reverse engineering experience.